wip

2021-07-06 22:56:43 +02:00 · 2021-07-06 22:56:43 +02:00 · db7baec56e
commit db7baec56e
parent 2983ccdf36
4 changed files with 30 additions and 13 deletions
--- a/bundles/gitea/metadata.py
+++ b/bundles/gitea/metadata.py
@ -74,20 +74,13 @@ defaults = {
    'nginx/vhosts',
 )
 def nginx(metadata):
-    if not node.has_bundle('nginx'):
-        raise DoNotRunAgain
-
    return {
        'nginx': {
            'vhosts': {
                metadata.get('gitea/domain'): {
-                    'proxy': {
-                        '/': {
-                            'target': 'http://127.0.0.1:22000',
-                        },
+                    'location /': {
+                        'proxy_pass': 'http://127.0.0.1:3500',
                    },
-                    'website_check_path': '/user/login',
-                    'website_check_string': 'Sign In',
                },
            },
        },
--- a/bundles/letsencrypt/items.py
+++ b/bundles/letsencrypt/items.py
@ -34,10 +34,10 @@ actions['letsencrypt_update_certificates'] = {
    },
 }

-for domain, _ in node.metadata.get('letsencrypt/domains').items():
-    actions['letsencrypt_ensure-some-certificate_{}'.format(domain)] = {
-        'command': '/etc/dehydrated/letsencrypt-ensure-some-certificate {}'.format(domain),
-        'unless': '/etc/dehydrated/letsencrypt-ensure-some-certificate {} true'.format(domain),
+for domain in node.metadata.get('letsencrypt/domains').keys():
+    actions[f'letsencrypt_ensure-some-certificate_{domain}'] = {
+        'command': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain}',
+        'unless': f'/etc/dehydrated/letsencrypt-ensure-some-certificate {domain} true',
        'needs': {
            'file:/etc/dehydrated/letsencrypt-ensure-some-certificate',
        },
--- a/bundles/letsencrypt/metadata.py
+++ b/bundles/letsencrypt/metadata.py
@ -8,9 +8,29 @@ defaults = {
        'letsencrypt_renew': '{} 4 * * *    root    /usr/bin/dehydrated --cron --accept-terms --challenge http-01 > /dev/null'.format((node.magic_number % 60)),
        'letsencrypt_cleanup': '{} 4 * * 0    root    /usr/bin/dehydrated --cleanup > /dev/null'.format((node.magic_number % 60)),
    },
+    'letsencrypt': {
+        'domains': {},
+    },
    'pacman': {
        'packages': {
            'dehydrated': {},
        },
    },
 }
+
+
+@metadata_reactor.provides(
+    'letsencrypt/domains'
+)
+def delegated_domains(metadata):
+    return {
+        'letsencrypt': {
+            'domains': {
+                domain: {}
+                    for other_node in repo.nodes
+                    if other_node.has_bundle('letsencrypt')
+                        and other_node.metadata.get('letsencrypt/delegate_to_node', None) == node.name
+                    for domain in other_node.metadata.get('letsencrypt/domains').keys()
+            },
+        },
+    }
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@ -6,6 +6,7 @@
        'debian-10',
 #        'nextcloud',
        'monitored',
+        'webserver',
    ],
    'bundles': [
        'gitea',
@ -47,6 +48,9 @@
            'readonly_token': '!decrypt:encrypt$gAAAAABg3z1-0hnUdzsfivocxhJm58YnPLn96OUvnHiPaehdRhKd6TZBgEPc5YyR07t2-GEUfOvEwoie-O6QsVhWYxrwxNTBXux_iUSx7W6e-fLQA_3MgWf5G97q_3kx_wCgQ6V0iKRyxH988TpNSMACfS4WhCXdSes1CaMpic4VV3S3ox_gCrSHxO7yVXQkJDnOW0MixY5T',
            'writeonly_token': '!decrypt:encrypt$gAAAAABg3z6fGrOy2tNdo03RoYAXmpJoJYkfhBfpblPh_wxYfqmdjtABaD7XyV9mSh9xl8oWQlTAtCk9KndVCDQy7BJ-ju7S3HCKJ0k244Y5YKxUnQtqt9fc9nnm8XD-NOJqLKyfy0QhL_I8dFT02pygoJeCUR5NkZcTKf6julb-iGXI6vWcQgolJTYrW643pHObd-Z-vIEl',
        },
+        'letsencrypt': {
+            'delegate_to_node': 'htz.mails',
+        },
        'nextcloud': {
            'hostname': 'cloud.sublimity.de',
            'version': '21.0.1',